How to setup cookie free or cookie less sub domain in java?

UPDATED: 24 May 2013
Before we start tutorial about creating cookie free or cookie less domain in java. You'll need to setup sub domain. To setup sub domain in java + tomcat7 read the article : http://www.javaquery.com/2013/05/how-to-configure-subdomain-in-tomcat-7.html

Why should i create cookie free or cookie less sub domain for static content? 
    Below image helps you to understand the real time scenario. Lets say you set your cookie's domain ".domain.com". Browser use this cookies when you request content from static.domain.com and creates network traffic. Read more about cookie free domain : http://developer.yahoo.com/performance/rules.html#cookie_free


Cookies
Cookies
Solution: To get over this problem you must set domain of cookie like www.domain.com .We can forcefully insert www in URL. If URL contains www then cookies will created for domain "www.domain.com".

Scenario: I'll demonstrate the example where i forcefully insert WWW for home page. So on each login cookies create only for www.domain.com . I'll also demonstrate URL redirect when there is request for webpage don't have WWW in URL (i.e: http://domain.com/message/view.jsp?id=125) and request for cookies.

Insert below code in your index.jsp (i.e: home page) at the start of the page.
// index.jsp
    String referer = request.getParameter("url");

    if (referer == null && !request.getHeader("host").contains("www")) {
        response.sendRedirect("http://www.domain.com");
    } else if (referer!=null && !referer.equals("index.jsp") && (referer.indexOf("www")<0 referer.indexof="" www="">10)) {
        referer = referer.substring(referer.indexOf("//") + 2, referer.length());
        referer = "http://www." + referer;
        response.sendRedirect(referer);
    }

We use the else if code when there is a request come for other page except home page (i.e: http://domain.com/message/view.jsp?id=125). So...

Now we must check each page's URL for WWW in it. Insert below code in every page or create one checkURL.jsp page and include it in every page.
        boolean login = true;
        ...
        ...
        /* Read cookies for www.domain.com
         * if you can read it then okay but you can't then set login = false;
         * It'll be redirected to index.jsp and insert WWW in its URL and redirect to that page again.
         */
        if(!login){ 
        StringBuffer requestURL = request.getRequestURL();
        if (request.getQueryString() != null) {
            requestURL.append("?").append(request.getQueryString());
        }
        String completeURL = requestURL.toString();
        response.sendRedirect("index.jsp?url="+completeURL);
        }

So now on cookies created only for www.domain.com . Browser no more sends cookie in request for static.domain.com .

0 comments :